Upon successful completion of this Course, the participant will be able to:
- Describe ArcSight ESM user roles, which include Admin user, Author, Operator, Analyst, Security Manager, and Business user.
- Describe ArcSight ESM Product Components which collect, process, model, prioritize, correlate, monitor, analyze, store, and archive enterprise-generated events.
- Describe the ArcSight ESM Event Schema and how it is used to normalize base data into information for ArcSight Aggregation and Correlation, to be used in Filters, Rules, Data Monitors, and Reporting.
- List the 6 Phases of the ArcSight ESM Event Lifecycle and describe the functional processing that occurs during each phase.
- Navigate the ArcSight ESM Console and Web Components to effectively Correlate, Investigate, Analyze, and Remediate both exposed and obscure vulnerabilities, providing situational awareness and real-time incident response.
- Customize an ArcSight ESM environment by creating Active Channels, Data Monitors, and Dashboards to visually manage security event data sources in an enterprise environment.
- Utilize ArcSight ESM Stock Content, such as standard Filters, Rules, Active Lists and Reports, which make ArcSight ready to use upon initial installation.
- Design and implement custom Filters, Rules, Session Lists and Active Lists, along with Integrated Case Management and Workflow, to identify, categorize, and, if needed, escalate events of interest and manage event data streams flowing into ArcSight ESM.
- Given criteria definition and event parameters, use both standard content and custom settings within ArcSight ESM Reporting resources to author, test, schedule, and generate selected report jobs.
- Manually implement Network and Asset Models to build a custom, business-oriented view within an ArcSight ESM environment.
- Verify the validity of your ArcSight resources using Query Viewers, and use Query Viewers to establish and compare baseline results, analyze historical data to find patterns in network activity, and investigate a particular aspect of a result.